[opencms-dev] mod_proxy
Arash Kaffamanesh
arash.kaffamanesh at pomegranate.de
Mon May 23 23:17:17 CEST 2005
Bernd,
Now I'm sure that mod_porxy and mod_rewrite settings on my maschine
prevent the contactform from posting, because I've disabled apache and
let tomcat to work in standalone mode without ssl and without getting
rid of /opencms/opencms/ suffix, it worked fine (on windows 2003). On
Linux (SLES9) I have mod_jk and have a suffix as /portal/opencms/ for
accessing the pages / workplace via https (it was a requirement for the
intranet installation for security reasons)and the form works as a
charme and we don't want to get rid of /portal/opencms because we have
also /portal/forum and other apps under the same portal webapp context.
> So where do you use the normal HTTP Connector
> below? Or do you use it only for the form posting and mod_jk for the
rest? Just interested.
Yes I use it now for form processing directly over tomcat and not with
mod_proxy and mod_rewrite.
Now I'm going to build mod_jk (1.2.10) myself and use it with
mod_rewrite and find out how(if)it works, and how I could setup a
clustered tomcat installation on two seperate mashines for loadbalancing
and failover issues.
Regarding the self signed certificate, you are righ :-) but I don't care
in intranet, even not for my private site on internet and it works fine.
> the formdata will not be transmitted too
Why not?, it works for me and my clients perfectly, they have only to
accept once the certificate(if they like)and post their data securely or
access the opencms workplace with their favorite password, whithout
getting sniffed.
Perhaps paranoiac's who can't sleep at night, because of accessing some
self signed certificate once, could donate one or two verisign
certificates to us, so that they can sleep well ;-)
Kind Regards,
Arash
-----Original Message-----
From: opencms-dev-bounces at opencms.org
[mailto:opencms-dev-bounces at opencms.org] On Behalf Of Bernd Wolfsegger
Sent: Montag, 23. Mai 2005 16:52
To: opencms-dev at opencms.org
Subject: Re: [opencms-dev] mod_proxy
Arash,
On Monday 23 May 2005 13:02, ark-d at betasystems.com wrote:
> Bernd,
>
> I use a simplified templateone form module and mod_proxy and
> mod_rewrite without installing opencms as ROOT on my private site and
> have serveral other Installations for Intranet and Internet at work
> with mod_jk 1.2.x , because of LoadBalancing, Clustering, ease of use,
> etc. So I think mod_jk is the right solution for high performance and
> for multisite solutions.
Perhaps there is something wrong with that form module, because why does
it
only work with SSL?
But you said you use mod_jk. So where do you use the normal HTTP
Connector
below? Or do you use it only for the form posting and mod_jk for the
rest? Just interested.
And you can't use self signed certificates for official websites,
because the
user will always be prompted for a not trust worthy certificate. If
submitting your form just then change to a SSL connection and the form
itself was requested with a "normal" connection and you get this SSL
popup
and accept, the formdata will not be transmitted too.
Kind regards, Bernd
>
> > I can not afford a certificate right now
>
> I'm using a self signed and require ssl connection for the workplace
> like
> this:
>
> Create Self signed Certifcate:
>
> keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/.keystore
> -validity 365
>
> keytool -export -alias tomcat -file /path/to/tomcat-server.crt
> -keystore /path/to/.keystore
>
> keytool -import -file /path/to/tomcat-server.crt -keystore
> /path/to/cacerts
>
> server.xml settings:
>
> <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
> <!-- Commnet out from server.xml-->
> <Connector port="8443"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" disableUploadTimeout="true" acceptCount="100"
> scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
> keystoreFile="/path/to/.keystore"
> keystorePass="secret" truststoreFile="/path/to/cacerts"
> />
>
> Require ssl access for the workplace:
>
> paste into web.xml of opencms
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>OpenCmsServlet</web-resource-name>
> <url-pattern>/system/*</url-pattern>
> <http-method>GET</http-method> <http-method>POST</http-method>
> </web-resource-collection>
>
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> > And how do you process the data?
>
> via the post method.
>
> Regards,
> Arash
>
>
>
>
>
>
>
>
> Bernd Wolfsegger
> <bw at code-create.c
> om>
To
> Sent by: <opencms-dev at opencms.org>
> opencms-dev-bounc
cc
> es at opencms.org
>
Subject
> Re: [opencms-dev] mod_proxy
> 23.05.2005 12:02
>
>
> Please respond to
> Bernd Wolfsegger
> <bw at code-create.c
> om>; Please
> respond to
> The OpenCms
> mailing list
> <opencms-dev at open
> cms.org>
>
>
>
>
>
>
> Arash,
>
> well, I also have a form on my site and I have no problems sending and
> receiving the data and I use mod_proxy/ROOT webapp etc. too, but no
> mod_jk. And I do not use https because I can not afford a certificate
> right now. But it would be better to have one for transmitting form
> data :). So what kind of
> form do you have? Is it a special OpenCms templateone thing or a self
> build.
> And how do you process the data?
>
> Kind Regards, Bernd
>
> On Monday 23 May 2005 11:11, ark-d at betasystems.com wrote:
> > Bernd Wolfsegger wrote:
> > > The problem ist not mod_proxy, it is the mod_alias Redirect,
> > > because it
> >
> > does
> >
> > > not redirect form data.
> >
> > Bernd,
> >
> > thanks for the hint, but I don't have mod_alias activated and the
> > form
>
> data
>
> > didn't got redirected.
> > As I wrote in my previous email, it works with secure access via
> > https://myserver/opencms/opencms/en/emailform.
> >
> > Regards,
> > Arash
> >
> > opencms-dev-bounces at opencms.org wrote on 23.05.2005 08:40:13:
> > > On Sunday 22 May 2005 22:47, Patrick Donker wrote:
> > > > Arash Kaffamanesh wrote:
> > > > >Yes it does the redirection from apache to tomcat. You don't
> > > > >need to install it as ROOT app. But my opinion is for setting
> > > > >up mutltisite installation it is better to have one tomcat
> > > > >installation with
> >
> > serveral
> >
> > > > >container instances, which can be started indepedently.
> > > >
> > > > So basically you are saying that in general it is better to have
> > > > it installed as a Root app? Or is it just the other way around
> > > > ;)? I'm a bit confused on what a Root app does to begin with.
> > >
> > > As far as I know the only difference is, that the ROOT webapp has
> > > no
> >
> > "name"
> >
> > > and so you do not need to "name" it in the URL. like other apps.
> > >
> > > > >The mod_proxy approach has some problems with posting forms I
> > > > >think
> >
> > and
> >
> > > > >therfore is not included in beta3 or the latest CVS HEAD.
> > > > >Installing opencms as ROOT had some problems with connecting
> > > > >via https to the workplace, at least by me.
> > > >
> > > > Hmmm...that could become a problem as many sites have forms.
> > >
> > > The problem ist not mod_proxy, it is the mod_alias Redirect,
> > > because it
> >
> > does
> >
> > > not redirect form data.
> > >
> > > > >I'm going to test mod_jk 1.2 and mod_rewrite with tomcat 5.5.9
> >
> > tomorrow,
> >
> > > > >perhaps it solves my problem with contact form fuctionality in
>
> online
>
> > > > >mode.
> > > >
> > > > Keep me informed. I'd like to hear your experiences on this as I
> > > > am
>
> new
>
> > > > to Opencms.
> > > >
> > > > Thanks
> > > > -Patrick
> > > >
> > > >
> > > > _______________________________________________
> > > > This mail is send to you from the opencms-dev mailing list To
> > > > change your list options, or to unsubscribe from the list,
> > > > please
> >
> > visit
> >
> > > > http://mail.opencms.org/mailman/listinfo/opencms-dev
> > >
> > > --
> > >
> > > [ Code Create
> > > [ Web Content Management and Presentation
> > >
> > >
> > > [ Bernd Wolfsegger
> > > [ Sun Certified Programmer for Java(TM) 2 Platform
> > >
> > >
> > > [ Office in Germany
> > > [
> > > [ Lohmeyerstrasse 13
> > > [ 10587 Berlin
> > > [ Germany
> > > [ Fon +49 (0)30 26555788
> > > [ Fax +49 (0)30 2651835
> > >
> > > [ Office in Kenya
> > > [
> > > [ P.O. Box 890
> > > [ V/Market
> > > [ 00621 Nairobi
> > > [ Kenya
> > > [ Mobile +254 (0)720 481053
> > >
> > > [ bw at code-create.com
> > > [ http://www.code-create.com/
> > >
> > >
> > >
> > > _______________________________________________
> > > This mail is send to you from the opencms-dev mailing list To
> > > change your list options, or to unsubscribe from the list, please
> >
> > visit
> >
> > > http://mail.opencms.org/mailman/listinfo/opencms-dev
>
> --
>
> [ Code Create
> [ Web Content Management and Presentation
>
>
> [ Bernd Wolfsegger
> [ Sun Certified Programmer for Java(TM) 2 Platform
>
>
> [ Office in Germany
> [
> [ Lohmeyerstrasse 13
> [ 10587 Berlin
> [ Germany
> [ Fon +49 (0)30 26555788
> [ Fax +49 (0)30 2651835
>
> [ Office in Kenya
> [
> [ P.O. Box 890
> [ V/Market
> [ 00621 Nairobi
> [ Kenya
> [ Mobile +254 (0)720 481053
>
> [ bw at code-create.com
> [ http://www.code-create.com/
>
>
>
> _______________________________________________
> This mail is send to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please
> visit http://mail.opencms.org/mailman/listinfo/opencms-dev
--
[ Code Create
[ Web Content Management and Presentation
[ Bernd Wolfsegger
[ Sun Certified Programmer for Java(TM) 2 Platform
[ Office in Germany
[
[ Lohmeyerstrasse 13
[ 10587 Berlin
[ Germany
[ Fon +49 (0)30 26555788
[ Fax +49 (0)30 2651835
[ Office in Kenya
[
[ P.O. Box 890
[ V/Market
[ 00621 Nairobi
[ Kenya
[ Mobile +254 (0)720 481053
[ bw at code-create.com
[ http://www.code-create.com/
_______________________________________________
This mail is send to you from the opencms-dev mailing list
To change your list options, or to unsubscribe from the list, please
visit http://mail.opencms.org/mailman/listinfo/opencms-dev
More information about the opencms-dev
mailing list